List dedicated to discussions about use, configuration and deployment of
the IPA server. wrote:
> There's a method to check the replication status of FreeIPA masters by
> looking at objectClass=nsDS5ReplicationAgreement in the "cn=mapping
> tree,cn=config" part of LDAP.
> Unfortunately that requires Directory Admin level privileges.
> Is there a method to check those replication agreement details that uses
> a much lower privilege? We'd like to add a replication test to our
> Zabbix monitoring system, and we don't want to use the directory admin
> user ID :)
Create a privilege containing the permission "Read Replication
Agreements", add that to a new role, and your user to that role and that
should do it.
Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project